Last month, the Health Information Trust Alliance published an analysis of the 108 breaches reported to HHS from Sept. 23, 2009 (when reporting first started under the HITECH Act) to mid-July.  This review illustrates the major impact of theft on healthcare providers.   Of 108 total reported breaches, 68 were the result of theft.  Indeed, the only [...]

According to a story published today in the News Journal, Aon Consulting is mailing letters to approximately 22,000 State of Delaware retirees after it inadvertently posted social security numbers, gender information and dates of birth in a Request for Proposal (RFP) the company prepared for the State.  The RFP information was posted by AON to the procurement [...]

In a pair of articles sent out by CNA to its law firm insureds, two large law firms showcase (by way of their privacy and risk management departments) the rising data loss exposures faced by all law firms.  An article written by seasoned privacy attorneys from Hunton & Williams provides “an overview of key privacy and information security issues impacting the practice [...]

An August 17, 2010 New Jersey decision may be negative for businesses in New Jersey despite what on the surface is  a win for a large corporation.   In Cain v. Merck & Co., Inc., the New Jersey Appellate Division addressed whether the New Jersey Business Corporation Act entitles shareholders to inspect the minutes of the [...]

Given that there exists over 20,000 environmental remediation sites in New Jersey, many companies have had to deal with the significant costs incurred in cleaning up contaminated sites despite the economic slump.  In an effort to help, in May 2009, New Jersey implemented sweeping reforms to the process of environmental site remediation when it enacted the Site Remediation Reform Act [...]

Two recent articles have come up with differing viewpoints regarding the merits of buying network security and privacy (NSAP) insurance.  On the one hand, an article in Network World has taken the position that it is almost foolish not to have NSAP insurance given the potential damages, increasing threats and the inability to safeguard against all such [...]

According to the ID Theft Resource Center, 97 of the 341 organizations that sustained a significant data breach in the first half of 2010 were in the healthcare industry.  By comparison, only 38 breaches were reported at banking and other financial institutions.   As shown by the breach sustained by BCBS Tennessee, the direct costs for breaches can exceed [...]

According to the 2010 HIMSS Analytics Report: Security of Patient Data, even though providers continue to update their security infrastructure, patient data remains at serious risk.  And, despite new statutory requirements for healthcare privacy and security, these critical gaps remain.  The study’s conclusion is not that surprising given new healthcare breaches are being reported on a daily basis. One improvement that can be immediately implemented with little [...]

A recently disclosed $10 million data breach expense bill raises an issue that has been percolating the network security and privacy (NSAP) insurance marketplace for several years now.  The publicly disclosed expenses involve BlueCross BlueShield of Tennesee (BCBST). According to BCBST, in October 2009, “57 hard drives containing audio and video files related to coordination of [...]

As reported by Wilson Elser, the Court of Appeals for the Ninth Circuit has ruled against a GL insurer looking to avoid picking up the tab for a patent suit.  After being sued for patent infringement for its online “build your own” car feature, Hyundai sought GL coverage under the “advertising injury” clause – specifically [...]